Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marius1
New Contributor

Created on ‎02-09-2016 02:43 AM

The correct approach of IPS configuration

A server behind the FG, hosting different services (mail, web, dns, etc')

 

In between the two methods below, what would be a better approach for IPS configuration

in terms of resource consuming and performance ?

 

A. Creating a single firewall profile with the default IPS profile which covers protection for the whole services.

B. Creating a few firewall profiles for the different services, and apply more specific IPS profile to them

    (for example: protect_dns, protect_http, etc').

 

Thanks,

Marius.

 

2441
0 Kudos
1 REPLY 1
Ralph1973
Contributor

Created on ‎02-13-2016 01:29 PM

Personally I would separate the rules and apply a specific ips profile per policy. The benefit is then that you also can see the amount of traffic/ counters.

But I think it improves performance/ resource usage as well, because, let's say you have an incoming http request to port 80 and you have 3 separate policies (one for smtp, one for ftp and one for imap) above the http policy. The first 3 policies are skipped and it hits the http which only has http specific signatures, apart from default signatures.

If you had only 1 policy, then the packet should have been checked for all signatures, i.e. more memory resources are used to load the database.

So I would separate the rules. :)

Kind regards,

Ralph Willemsen

Netherlands

 

1085
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.